package com.example.springsecuritydemo.config;

import cn.hutool.core.convert.Convert;
import com.example.springsecuritydemo.costant.SecurityConstants;
import com.example.springsecuritydemo.filter.LoginFilter;
import com.google.common.collect.Lists;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;

import java.util.List;

/**
 * spring Security配置安全控制中心
 *
 * @author chenggang
 * @date 2019/04/08
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * 依赖注入自定义的登录成功处理器
     */
    @Autowired
    private AuthenticationSuccessHandler loginSuccessHandler;
    /**
     * 依赖注入自定义的登录失败处理器
     */
    @Autowired
    private AuthenticationFailureHandler loginFailHandler;
    /**
     * 注入我们自己的登录逻辑验证器AuthenticationProvider
     */
    @Autowired
    private AuthenticationProvider myProvider;

    /**
     * 注册没有权限的处理器
     */
    @Autowired
    private AccessDeniedHandler noAuthHandler;
    /**
     * jwt校验
     */
    @Autowired
    private LoginFilter loginFilter;

    /**
     * 退出验证
     */
    @Autowired
    private LogoutSuccessHandler logoutHandler;

    private List<String> urlList = Lists.newArrayList(SecurityConstants.DEFAULT_SIGN_IN_PROCESSING_URL_FORM);

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // 这里可启用我们自己的登陆验证逻辑
        auth.authenticationProvider(myProvider);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // 禁用session用jwt
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and().formLogin()
                // 用于指定前后端分离的时候调用后台登录接口的名称 自定义登录页url,默认为/login 告诉user
                .loginProcessingUrl(SecurityConstants.DEFAULT_SIGN_IN_PROCESSING_URL_FORM)

                // 配置登录成功的自定义处理类
                .successHandler(loginSuccessHandler)
                // 配置登录失败的自定义处理类
                .failureHandler(loginFailHandler).and().logout()
                .logoutUrl(SecurityConstants.DEFAULT_LOGOUT_PROCESSING_URL_FORM)
                .logoutSuccessHandler(logoutHandler).and().authorizeRequests()
                // 不进行权限验证配置
                .antMatchers(Convert.toStrArray(urlList))
                .permitAll()
                // 其他的需要登陆后才能访问
                .anyRequest().authenticated()
                //.anyRequest().access("@rbacService.hasPermission(authentication,request)")
                .and()
                // 配置没有权限的自定义处理类
                .exceptionHandling().accessDeniedHandler(noAuthHandler).and()
                .addFilterBefore(loginFilter, UsernamePasswordAuthenticationFilter.class).cors().and()
                // 取消跨站请求伪造防护
                .csrf().disable();

    }

}
